    U.S. Pat. No. 7,124,438, “Systems and methods for anomaly detection in patterns of monitored communications”, Paul Judge et al, Issue date: Oct. 17, 2006.    U.S. Pat. No. 6,507,866, “E-mail usage pattern detection”, Ronald Barchi, Issue date: Jan. 14, 2003.    U.S. Pat. No. 6,735,701, “Network policy management and effectiveness system”, Andrea M. Jacobson, Issue date: May 11, 2004.     U.S. Pat. No. 7,315,891 B2, “Employee Internet Management Device”, Thomas P Donahue, Publication date: Jan. 1, 2008.    U.S. patent application Ser. No. 11/429928, “Methods and Systems for reporting Regions of Interest in Content Files”, Palle M. Pedersen, Publication date: Nov. 8, 2007.    U.S. patent application Ser. No. 11/347463, “Method and a System for Outbound Content Security in Computer Networks ”, Leonid Goldstein, Publication date: Aug. 23, 2007.    U.S. patent application Ser. No. 10/892615, “Method and Apparatus for Creating an Information Security Policy Based on a Pre-configured Template.”, Chris Jones et. al., Publication date: Apr. 21, 2005.    U.S. patent application Ser. No. 11/485537, “Methods and System for Information Leak Prevention”, Lidror Troyansky et al. Publication date: Feb. 1, 2007.    US Patent application number: PCT/US2006/005317, “Methods and Apparatus for Handling Messages containing Pre-selected data”, Vontu Inc., Publication date: Aug. 24, 2006.    U.S. patent application Ser. No. 11/173941, “Message Profiling Systems and Methods”, Paul Judge et. al., Publication date: Jan. 19, 2006.    U.S. patent application Ser. No. 11/284666, “Adaptive System for Content Monitoring”, Ramanathan Jagadeesan et. al., Publication date: Jun. 7, 2007.     U.S. patent application Ser. No. 10/780252, “Method and Apparatus to detect Unauthorized Information Disclosure via Content Anomaly Detection”, Pratyush Moghe, Publication date: Apr. 28, 2005.
“Behaviour based modeling and its application to Email analysis”, Stolfo S J et al, ACM Transactions on Internet Technology, Volume 6, Number 2, May 2006. “Identifying Potential Suspects by Temporal Link Analysis”, Gloor A Peter et. al, http://www.onixnet.com/iquest/whitepapers/linkanalysis.pdf
Prior art considers the problem of information leakage as a content inspection and detection problem. These techniques look at the content of e-mails and try to determine if any sensitive information is being leaked out. Prior art also had looked at pattern anomaly detection, but that too was done from the content scanning perspective using pre-defined regular expressions or keywords, pre-determined policies, or information depending on the number and frequency of mails between senders and recipients. Thus, the outbound e-mail contents were read and information about these contents was then used to identify information leakage. For example, if the mail content contained specific keywords, a leakage was detected. Or, if some mails seemed to have certain words that are not usually the kind used by the sender, that mail will be flagged as an anomaly.
In some cases, both the sender and recipient information together with the time of sending and the frequency of mails were used, though the profile of the  sender with respect to the organization (seniority, position, designation, age, salary etc.) were never used. These techniques are powerful and generic, but they need powerful hardware for scanning the documents and therefore can be a hindrance for many users. These processes also tend to be slow because of the processing involved. Also, scanning may not be to the liking of all users as it makes sensitive information open. Hence the need for a simpler technique that is faster, reliable and non intrusive i.e does not scan sensitive information.